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i 

IN THE CLAIMS j 

Please amend claims 1 and 1 3 as follows: i 

1 . (Currently Amended) A public key infrastructure (PKI) comprising: 

a subject; ; 

a certificate authority issuing a first certificate to the subject, the first certificate 
including a public key of the subject, long-term identification information related to the j 
subject, and meta-data related to the first certificate, wherein the first certificate is not signfcd 
by the certificate authority, the certificate authority maintaining a database of records i 
representing issued certificates in which it stores a record representing the first certificate, , 
| wherein the issued certificates are not signed bv the certificate authority and are valid until i at 
least one of revoked by the certificate authority and expired; and 

a verifier maintaining a hash table containing cryptographic hashes of valid 
certificates corresponding to the records stored in the database and including a cryptographic 
hash of the first certificate, wherein the subject presents the issued first certificate to the . 
verifier for authentication and demonstrates that the subject has knowledge of a private key 
corresponding to the public key in the first certificate. I 

i 

2. (Previously Presented) The PKI of claim 1 wherein the first certificate includes an* 
expiration date/time. 

3. (Previously Presented) The PKI of claim 1 wherein the first certificate does not 
include an expiration date/time. 

4. (Original) The PKI of claim 1 wherein the private key is stored in a smartcard 
accessible by the subject. 

5. (Original) The PKI of claim 1 wherein the private key is stored in a secure software 
wallet accessible by the subject. 

6. (Previously Presented) The PKI of claim 1 wherein the verifier computes the j 

2 I 
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cryptographic hash of the first certificate with a collision-resistant hash function. 

7. (Original) The PKI of claim 6 wherein the collision-resistant hash function is a SHA 
1 hash function. 

8. (Original) The PKI of claim 6 wherein the collision-resistant hash function is a 1VCD5 
hash function. 

t 

9. (Previously Presented) The PKI of claim 1 wherein the certificate authority and the 
verifier operate to Tevoke the first certificate when at least a portion of the long-term 
identification information related to the subject no longer applies to the subject. 

10. (Previously Presented) The PKI of claim 1 wherein the certificate authority and the 
verifier perform a revocation protocol to revoke the first certificate when at least one of the 
private key is comprised and at least a portion of the long-term identification information | 
related to the subject no longer applies to the subject, the revocation protocol including: | 

the certificate authority retrieving a record representing the first certificate from thb 
database and obtaining a cryptographic hash of the first certificate; 

the certificate authority sending a message to verifier containing the cryptographic 
hash of the first certificate and requesting that the verifier remove the corresponding 
cryptographic hash of the first certificate from its hash table; 

the verifier removing the cryptographic hash of the first certificate from its hash t^ble 
and notifying the certificate authority that it has removed the cryptographic hash of the fufst 
certificate from its hash table; and 

the certificate authority collecting the notification sent by the verifier. 

1 1 . (Previously Presented) The PKI of claim 1 0 wherein the revocation protocol includes 
the certificate authority marking the record of the first certificate in the database as being 
invalid, for auditing purposes. ( 

i 

1 2. (Previously Presented) The PKI of claim 1 0 wherein the revocation protocol includes 



PAGE 5/26 * RCVD AT 4/13/2006 9:38:24 PM [Eastern Daylight Time] * 8VR:USPTO-EFXRF-1/1 0 * DNI8: 2738300 * CSID:6125732O05 * DURATION (mm-ss):11-14 



04/1/3/2006 " 19:39 FAX 6125732005 



J5ICKE.BILLIG&CZAJA P. A. 



@ 006 



Amendment and Response jeST AVAILABLE COPY 

Applicant:. Francisco Corella 
Serial No. : 09/483,186 
Filed: January 14, 2000 

^uG^Sm^uct^u^TRvenmE employing unsigned certificates 



the certificate authority deleting the record representing the first certificate from the database. 



1 3. (Currently Amended) A method of authenticating a subject to a verifier in a public! 
key infrastructure (PKI), the method comprising the steps of: 

issuing a first certificate from a certificate authority to the subject, the first certificate 
including a public key of the subject, long-term identification information related to the , 
subject, and meta-data related to the first certificate, wherein the first certificate is not signed 
by the certificate authority; i 
maintaining, at the certificate authority, a database of records representing issued j 
certificates that are not signed hv the certifi cate authority and are valid until at least one of 
revoked by the certificate authority and expired; 

storing a record representing the first certificate in the database; 
maintaining, at the verifier, a hash table containing cryptographic hashes of valid 
certificates corresponding to the records stored in the database and including a cryptographic 
hash of the first certificate; 

presenting the issued first certificate from the subject to the verifier for authentication; 
demonstrating, by the subject, that the subject has knowledge of a private key j 
corresponding to the public key in the first certificate. 

14. (Previously Presented) The method of claim 13 wherein the first certificate includes 
an expiration date/time. 

15. (Previously Presented) The method of claim 1 3 wherein the first certificate does not 
include an expiration date/time. 

16. (Original) The method of claim 13 further comprising the step of: 
storing the private key in a smartcard accessible by the subject. 

17. (Original) The method of claim 13 further comprising the step of: 

storing the private key in a secure software wallet accessible by the subject. ! 



PACE 6/26 • RCVD AT 4/13/2008 9:38:24 PM [Eastern Daylight Time] * SVR:USPTO£FXRF-1/10 * DNIS:2738300 * CSIO:6129732009 * DURATION pnrrHSS):11-14 



04/13/2006 19:40 FAX 6125732005 



D I CKE . BILLI G&CZA J A P. A. 



©007 



AVAILABLE COPY 

Applicant: Francisco Corella 
Serial No.: 09/483,186 
Filed: January 14, 2000 



18 (Previously Presented) The method of claim 13 further comprising the step of: j 
computing, by the verifier, the cryptographic hash of the first certificate with a j 
collision-resistant hash function. 

19. (Original) The method of claim 1 8 wherein the collision-resistant hash functionisa 
SHA-1 hash function. 

20. (Original) The method of claim 1 8 wherein the collision-resistant hash function is a 
MD5 hash function. 

21 (Previously Presented) The method of claim 13 further comprising the step of: 
revoking the first certificate when at least a portion of the long-term identification 

information related to the subject no longer applies to the subject. j 

22 (Previously Presented) The method of claim 13 further comprising revoking the first 
certificate when at least one of the private key is comprised and at least aportion of the long- 
term identification information related to the subject no longer applies to the subject, the; 
revoking including; 

retrieving the record representing the first certificate from the certificate database and 
obtaining a cryptographic hash of the first certificate; 

sending a message from certificate authority to verifier containing the cryptographic 

hash of the first certificate; 

requesting that the verifier remove the corresponding cryptographic hash of die first 

certificate from its hash table; 

removing the cryptographic hash of the first certificate from the hash table; 
notifying the certificate authority that the cryptographic hash of the first certificate ,s 

removed from the hash table; and 

collecting, at the certificate authority, the notification sent in the notifying step. 

23. (Previously Presented) The method of claim 22 wherein the revoking step further 

includes: 
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rking the record representing the first certificate in the database as being invalid,! 



for auditing purposes. 



24. (Previously Presented) The method of claim 22 wherein the revoking step further : 



deleting the record representing the first certificate from the database. i 

25. (Previously Presented) The PKI of claim 1 wherein the meta-data includes at least j 
one of a serial number of the first certificate and a name of the certificate authority. I 

26. (Previously Presented) The PKI of claim 1 wherein the long-term identification 
information related to the subject includes at least one of the subjects' name and a number 
identifying the subject. 

27. (Previously Presented) The PKI of claim 1 wherein the certificate authority and the 
verifier operate to revoke the first certificate when the private key corresponding to the public 
key in the first certificate is compromised. | 

28. (Previously Presented) The method of claim 13 further comprising: ; 
revoking the first certificate when the private key corresponding to the public key in 

the first certificate is compromised. 



includes: 
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